Home / Welcome / Frequently Asked Questions / Single sign on support

Single sign on support

Docuseek support for Single Sign-On

Docuseek supports single sign-on (SSO) via OpenAthens. Docuseek is also listed with the InCommon federation and most other federations.

To set up SSO with Docuseek, allocate Docuseek via the OpenAthens Resource Catalogue or the equivalent with your federation, and send your EntityID and scope to support@docuseek2.com.

Docuseek supports authentication by IP address, single sign-on via OpenAthens and other federations, or both.

If you opt for both IP authentication and SSO, Docuseek will first try to authenticate by IP address, and if that fails, attempt to log in the user via SSO. Use this option if you want on-campus users to avoid needing to login before accessing Docuseek content, or if you want to provide access to walk-in users who may not have institutional credentials.

If SSO is turned on for your institution:

  • Users who select your institution from the dropdown will be redirected to your OpenAthens SSO login page. If authentication is successful, the user will be redirected to the Docuseek home page.
  • If a user accesses an institution-specific URL, they will be redirected to your OpenAthens SSO login page, and, if authentication is successful, the user will be redirected to the film page.
  • Users will be logged in as a generic user.
  • Users may create a Docuseek login to access additional features like playlists and clips.
  • Once a user has logged in via SSO, they may then login with their Docuseek credentials.
Note: If you see a "Forbidden" page when trying to access Docuseek, your institution may have enabled restrictions on who can access what, using the OpenAthen permissions system. The permissions system is optional and turned off by default. If you have turned on this restrictive mode, you will need to enable access to Docuseek for your users. OpenAthens has a document (see link below) which shows you how to allow access to resources. See the section 'Adding resources to a permission set'. Essentially you just need to search for your resource in your list of resources and click 'allocate', and then select which user groups should have access.

Here is more information on OpenAthens permission sets: https://docs.openathens.net/display/public/MD/Permission+sets

If you use the OpenAthens proxy server, you may see two Docuseek resources in the OpenAthens resource catalog. One of the resources refers to your proxy service. The Docuseek single sign-on resource is called "Docuseek" with our logo, with a subtitle of "Docuseek video streaming platform".

For OpenAthens support, please visit https://support.openathens.net/

Note: If you see the message "Unable to complete the SSO login!" message (which disappears after several seconds), and instead of going to the film page, you are redirected to the Docuseek home page and not logged in, the Federation Scope that we have on file for you may be incorrect. You may verify the Scope we have via the My Docuseek page, on the Account Info tab, towards the lower left side of the page. Email support@docuseek2.com if the information is incorrect.

Using Docuseek with course management systems with SSO
If you are using SSO, embedding a Docuseek iframe on a course management system page may result in errors due to the authentication happening in a page inside of an iframe.
To work around this problem, use the Docuseek link to the film (appears under "Permanent Link") on the page instead of the embed / iframe code.

For details on the Docuseek Entity ID, see https://met.refeds.org/met/search_service/?entityid=docuseek

Using Docuseek with InCommon

The Docuseek Entity ID for Incommon is: https://docuseek2.com/oa/entity

For Docuseek to work with your SSO system, make sure your system is releasing to us the eduPersonTargetedID AND derivedEduPersonScope; OR eduPersonScopedAffiliation (which should be in the form of value@domain.edu) OR realmName.

Also, you may need to create an entry for Docuseek in your attribute filter file, and release data specific to Docuseek based on our Entity ID. See the previous paragraph for the values that we need. Here is an example of an Attribute Filter Policy from one customer:

<AttributeFilterPolicy id="releaseToDocuseek2">
    <PolicyRequirementRule xsi:type="Requester" value="https://docuseek2.com/oa/entity" />
    <AttributeRule attributeID="mail" permitAny="true" />
    <AttributeRule attributeID="uid" permitAny="true" />
    <AttributeRule attributeID="givenName" permitAny="true" />
    <AttributeRule attributeID="sn" permitAny="true" />
    <AttributeRule attributeID="displayName" permitAny="true" />
    <AttributeRule attributeID="eduPersonPrincipalName" permitAny="true" />
    <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
    <AttributeRule attributeID="eduPersonAffiliation" permitAny="true" />
</AttributeFilterPolicy>

Miscellaneous

The Docuseek SP Entity ID is: https://docuseek2.com/oa/entity

The Docuseek IDP Entity ID is: https://idp.docuseek2.com/openathens

Docuseek SP metadata




 RSS of this page